5 Answers
5

Note: This answer is aimed at really non-technical people, I have tried to make it understandable by a child, please don't be offended!

Lets say I want to send something to you, but I don't want anyone else to be able to read it. The first thing that comes to mind is encryption! Encryption gives confidentiality, right? It sure does, but there are some problems to address.

Classical, or symmetric encryption requires some kind of shared secret. In the computer world, this is called a key. The problem is, in order to communicate confidentially using symmetric encryption, we both have to know the same key. We have to communicate this key to each other by some secure means before we can use it. It's a chicken-and-egg situation, we need to send the key confidentially in order to have a confidential channel.

One solution would be to meet up somewhere physically, agree on a key (which is just a really big number), and then go our separate ways. With this arrangement, we know we are the only two people who know the key, and we can happily transmit messages to each other using it, in the knowledge that nobody else can read those messages.

This solution does not scale well, and in the world of the internet when we might want to talk securely to a few dozen parties a day, that would be a whole bunch of secret meetings to set up, a whole bunch of keys to keep track of, and a fortune in travel costs.

Enter some really clever mathematicians. Asymmetric cryptography is essentially a smart bit of maths that allows us to use a pair of keys. One key for encryption, and one key for decryption. What's more, it is impossible to generate one key from the other.

Think of it like this; the encryption key is a padlock. You just click it closed, and it locks. The decryption key is like the padlock key.

It works like this; I want to communicate with you securely, but we have never met, and share no secret.

You send me your padlock.

I write my message to you, put it in a box, and lock it with your padlock.

You keep hold of your padlock key at all times, so you are the only person who can unlock the padlock. Once I have locked the box, not even I can open it, because I don't have the key.

Then I send the box to you, safe in the knowledge that you are the only person that can unlock it.

Someone watching our traffic can see you send over your padlock (encryption key). But they can't do anything with that padlock except lock things that only you can open. They can't examine the padlock to figure out how to make a padlock key for it, the mathematics of the system ensure this.

They then see my message to you, locked away with the padlock, but they don't have the padlock key, so they can't do anything with it.

The background comes from this older answer. Here's the summary: public / private key encryption is like a keyed padlock. Anybody can be given a lock and anybody can close that lock to secure a box. The lock's owner keeps the key to themselves.

For some complicated reasons, using keyed locks takes a long time and only fit one size box. To make lots of exchanges quicker, we usually send a combination lock (for our analogy, the kind you can set the code on) inside the box that is secured by the keyed lock and we tape the code you want the lock set to right on the lock. Those combination locks are more universal and can secure very large boxes. The obvious catch is that since you must send the code you plan to open the lock with along with the lock, you must make sure that it won't be seen by people you don't want to see your data.

Think of the blue USPS mailboxes sitting in an office building or outside a post office. There is a door that anyone can open, that they can use to insert mail. However, this door is one-way; once the mail is in the mailbox, that door can't be used by anyone else to get any mail back out. Instead, there is a second door secured by a key that only the postman has, which he uses to get all the mail back out.

This is roughly analogous to an asymmetric-key system. The "public key" is freely available, like the name implies; it allows anyone to send a message to the recipient in a secure manner. Nobody else, not even other people sending messages, can see what you're sending. Even you can't see what you sent, if you forgot. Only the recipient, with the "private key", can get those messages back out and read them.

Yup, but we explaining something on a basic level... I mean were not going to key shapes and lock pin configuration here.
–
Layton EversonDec 20 '12 at 19:47

True, but the question is asking about Public/Private key encryption, not encryption in general. Simply saying it is like a lock doesn't explain anything about what public/private key encryption is, just what encryption in general is.
–
AJ HendersonDec 20 '12 at 20:42

A public key is like a phone number listing in a phone book. It tells everyone that if they use your listing to contact you, then you will get the message and not your next door neighbor. Similarly, if you call from your phone (the private key) then they can see your caller id and know that it is you calling since the phone book says it is your number.

It isn't quite perfect since caller id can be spoofed, but it explains the general idea.